FileFix Attack Exploits Windows File Explorer to Execute PowerShell Commands

Wrecker4923

Apr 11, 2024
There were Fake CAPTCHA, ClickFix, and now this POC FileFix.

A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.
FileFix attacks also rely on a phishing page, but the ruse is no longer presented as an error or issue. Instead, it may appear as a notification indicating that a file has been shared with the user and includes a request to paste the path into File Explorer to locate it.
The phishing page includes an “Open File Explorer” button that, when clicked, launches File Explorer through the file upload functionality and copies the PowerShell command to the clipboard.
However, to keep the deceit intact, an attacker can hide the malicious PowerShell command by concatenating a dummy file path within a PowerShell comment.
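
Added example, not part of the original post or the quoted article: a detection sketch for the command-line shape described above, a PowerShell invocation whose trailing `#` comment contains something that looks like a file path. The function names, the interpreter list, the path pattern and the sample command lines are all assumptions constructed for illustration.

```python
import re

# Interpreters to inspect (assumed list; extend for your environment).
INTERPRETERS = re.compile(r'\b(?:powershell|pwsh)(?:\.exe)?\b', re.I)
# Drive-letter path (C:\...) or UNC path (\\server\...).
PATH_LIKE = re.compile(r'(?:[a-z]:\\|\\\\[\w.-]+\\)', re.I)

def split_trailing_comment(cmdline):
    """Split at the first '#' that starts a token and is outside quotes.

    Returns (code, comment); comment is None when there is no comment.
    """
    quote = None
    for i, ch in enumerate(cmdline):
        if quote:
            if ch == quote:
                quote = None          # closing quote
        elif ch in ('"', "'"):
            quote = ch                # opening quote
        elif ch == '#' and (i == 0 or cmdline[i - 1].isspace()):
            return cmdline[:i].rstrip(), cmdline[i + 1:].strip()
    return cmdline, None

def is_filefix_shaped(cmdline):
    """True when an interpreter call ends in a comment holding a path."""
    code, comment = split_trailing_comment(cmdline)
    if comment is None or not INTERPRETERS.search(code):
        return False
    return bool(PATH_LIKE.search(comment))

# Constructed process command lines (benign stand-ins, not captured data).
SAMPLE = [
    r'powershell.exe -c Write-Output demo # C:\company\shared\HRPolicy.docx',
    r'powershell.exe -NoProfile -File C:\scripts\backup.ps1',
    r'powershell.exe -c "Write-Output # C:\not\a\comment"',
    r'C:\Users\demo\Documents\report.docx',
    r'pwsh -c Get-Date # nightly job',
]

def scan(cmdlines):
    """Return the command lines that match the FileFix shape."""
    return [c for c in cmdlines if is_filefix_shaped(c)]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print('ALERT:', hit)
```

Feed it the command-line field from process-creation telemetry; a match is a lead for review, since legitimate scripts can also carry path comments.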